Readers' comments

Great, so when these technologies are made available, the fact that they are "device independent" means that the world's law enforcement agencies will lose all ability to gather signals intelligence from criminals that acquire them. Not sure the ability of governments to guarantee they can hide info from each other is worth the rise in criminal activity.

Also, I forgot; I'm cuurently working on a project that encrypts messages into a wave-stream of photons. Theoreticlly, with developing technology, there are no curent physical rules which determine an 'absolute ceiling' spped, which means the universe only is our limit (Hey, a new cliche!)

You can get one for £4.99 off eBay saying 'DEATH TO ALL LAME CLICHES', I recommend. Bright yellow, with black IMPACT font emblazoned all over it. It has a picture of the famous Dictionary of Cliche's book smouldering as well...

Comparing one of a pair of entangled photons moving through space at around 25,000kph with another on the ground will . . .

I suspect that sentence was intended to read:

Comparing one of a pair of entangled photons [while] moving through space at around 25,000kph with another [while] on the ground will . . .

From my rudimentary knowledge of these things – which could be gobbledegook - this will raise the issue of causality. Because of the relative speeds involved, an observer in one frame of reference could see the space measurement occurring "first" and “causing” the polarisation of the Earth measurement which occurs later. But an observer in another frame of reference could see the Earth measurement occurring first and causing the polarisation of the space measurement. And as other experiments have shown that the photons themselves cannot know which way they are polarised until they are actually measured, this will raise an insuperable problem of causality.

But I have no doubt that g cross or some other commenter will explain why I've got this all wrong!!

I am muddy in this area too, but measuring entanglement results in each side seeing the same value (spooky action at a distance) being observed; it wont matter if earth or orbital is measured first. The fact of measurement leads to no information about the order of measuement A or B and causuality is preserved, or more precisely is left undefined and therefore still unbroken.

I think Alain Aspect's experiment in 1981 showed that there could be no "local" hidden variables: those that explained entanglement by sending hidden information with the photons themselves or transmitting information between them at less than the speed of light.

If the photons themselves can be carrying no hidden-variable information on what their polarisation will be when measured, the correlation between them must arise from some sort of "action" of one on the other. But in Aspect's experiment the distance between the measurements was such that the information could not have been transmitted even at the speed of light. Subsequent experiments have shown that the information must be conveyed at least 10,000 times faster than the speed of light (and possibly infinitely fast).

I can accept all that in a world where we are all at rest relative to one another. Information on entanglement is somehow transmitted – infinitely fast - from the “first” photon to be measured to the other photon that allows it to know what its polarisation must be when the “second” measurement occurs.

Where my brain freezes over is when there is relative motion between the measurement laboratories. Then – as I understand it – there is no “first” and “second” measurement. An observer in one frame of reference will see A as being the first measurement and B as the second. But another observer will see B as the first measurement and A as the second.

Aghhhh!! So is the information being transmitted instantaneously from A to B or from B to A??

And if information is not being transmitted between the photons (because which way would it be travelling, A->B or A<-B??) AND the photons are not carrying the information along with them, then how do they become entangled?

In any case you will never find “photons moving through space at around 25,000kph”!!

Eistein didn't like Quatum physics much, and called entanglement spooky action at a distance. Thing is we see the same relationship between time and positon over and over again, more precision of one dulls accuracy in the other, and in the case of relatavistic speeds "time" slows. There are more intuition breaking (non) aspects to the nature of spacetime in store for man's little mind.
If entanglement also means their state is merged; they are the same "thing". Everything I recall about Quantum experiments points to how outcomes are consistent with the -conditions- that determine if matter should act like a wave or a particle, regardless of the "fact" that these particles "already" should have been forced into one state or another. Come back anytime later, and its how you inspect the aparatus that defines the outcome. So regular QP is already doing bad things to our sanity about "when" stuff happened.
(speculation)
Because the same state is represented by more than one "particle", it probably doesn't really matter that they are separated; that bit of information got to whatever location it is in the universe, even to multiple places beause of entanglement, constrained by the speed of light. I dont think any information is hidden, its inherent in the entangled particle -- and because that information is redundant in two places and got there by the speed of light, it does't matter "where" its condensed into wave or particle our little part of the over-verse.... and time doesnt "count". In the same way slit experiments show particles or waves... time doesnt matter.

I do know about this. And Quantum cryptography is fun as science and a complete waste of time as engineering. Of course it works (albeit rather badly - data rates are pathetic) - but it solves a problem we do nat have. It is entirely straightforward to encrypt a message in such a way as to be unbreakable, even in principle - all that is necessary is that the random 'key' be longer than the message (as opposed to the few hundred bits normally regarded as sufficient). Moderne technology makes this perfectly straightforward to arrange; it is called a 'one-time-pad', because no part of the key is used twice, and has been known for many decades. There are no restrictions on transmission - any digital system is fine.

Quantum encryption is thus fun science and an exercise in marketing as in 'we have quantum'. The sheer absurdity of it as practical engineering is aptly demonstrated by people getting around the low data rate by only using the quantum channel to distribute a key, which is then used conventionally on an ordinary channel, But if this key is shorter than the message the resulting distribution is no longer absolutely secure (or if it isn't then the data rate is still very low).

yes, we can use one time pad to encrypt any message *as long as* no one except the communicating parties know the secret key. But how if the secret key is discovered by the adversary even without you knowing it? You can still communicate using that secret key but in fact you encryption is completely insecure.

This is how quantum cryptography or what they prefer to call quantum key distribution comes in, it offers a way for you to generate a secure secret key while at the same time making sure that the adversary does not know the secret key. What's so interesting about it as it has been mentioned above, you can even buy the key generating machine from your adversary while making sure that the adversary has zero knowledge of the generated secret keys.

Of course, the experimental aspect of quantum cryptography is still in development because in general theory is not equal to experiment (at least, the last time I read about it... can an expert keeps me updated?). Nevertheless, in principle it's possible to make sure that your adversary knows nothing about the key even if he (or she) is the one that makes the machine.

This is not so - no form of communication (in fact secure or otherwise) can be made without some prior 'secure' contact, and this is equally true of quantum, or indeed of any interpersonal communications. The problem is that you do not know who you are talking to, and thus an intruder can intermediate and face both ways. This applies even to talking to someone face-to-face, when various visual cues are used for verification, and to any form of secure comms (including quantum) regardless of technology - an initial verification key is invariably necessary.

To be sure you can assume you are initially safe (because of some physical verification) and then detect a new intruder via quantum. But you can much more easily do this with a one time pad.

no, willstewart, you are utterly wrong. You ought not to have started with your first sentence "I do know about this." You are conflating encryption and key distribution. OTP is secure, *key distribution* is not secure. QKD addresses the security of key distribution. Your statement "and thus an intruder can intermediate and face both ways" is incorrect for quantum key distribution, as avoiding man in the middle attacks is one of the key points of QKD. Also, you cannot "much more easily" authenticate "and then detect a new intruder" with a one time pad. After verification you won't have a practical way to distribute new keys unless you and your friend share a huge set of pre-shared keys which never get repeated. The only way for you and your friend to get keys by other means is for someone to distribute them via, say, QKD. Lastly, bandwidths are not "pathetic"; you should do a little more googling on the subject. QKD is not a lab toy at the moment. Banks currently buy QKD devices for use in encrypting their networks. As mentioned in the article, QKD is used to secure many other types of networks such as voting reporting. Google about the Vienna and Tokyo QKD networks for some info on state of the art bandwidths.

1 - key distribution is no more or less secure than any other encrypted transmission. Indeed QC can be a secure way of doing this - if and only if the secure link is already authenticated by prior key exchange (usually physically at time of setup). But the subsequent key-enabled (non-quantum) encrypted usage is not absolutely secure if the key is shorter than the message (regardless of the technology used).

2 - the only reason for using QC for key distribution is to raise the data rate - if QC were normal rate (now in the 100's GBit/s for many networks and heading up) the keys would be pointless - one would just use the QC link for transmission!

3 - Man-in-the-middle attacks can only be detected by using new (that is unused) key information not known to the intruder. This can indeed be done using QC. But since you can get many GBytes on a memory stick (enough for as many years as it would be safe to trust a link anyway!) it is much more easily done at initial setup - when you have to exchange a secure key by non-new methods anyway (as you do for QC). Usage as a one-time-pad does this continuously and automatically.

Not really - if the third party knows at any moment everything that the intended recipient knows (for example a one-time-pad key or the QC link history) then indeed he can 'take over' the link and pass the data on to the intended recipient. He needs to do this both ways of course.

The logical problem is that success here requires complete prior knowledge - either of the quantum history or of both keys (which will be different for each direction). If he has this he has already broken in at both ends - making the exercise a bit pointless?

1. This point doesn't support your arguments. The application advantage is simple here: QKD has the potential to pass encryption keys in an unconditionally secure way. Bitrate is a nonissue, a mere technical point that is going to be solved. Case in point, the networks I pointed out before all use QKD to distribute key material for use in OTPs. Your advocating OTP is fine, but there is no known unconditionally secure way to get enough keys from A to B without them being preshared aside from using QKD. (hint, it is not practical to use preshared keys all the time, and it can not be done in an ad hoc manner, a major disadvantage compared to QKD).

2. No, the purpose of the QC is not just to raise data rate. The use of a QC is the whole point of QKD since passing the key information over the quantum channel you can avoid others eavesdropping on the key. And no, the keys _would_not_be_pointless_ even with high bandwidth quantum channels! If you encode information in the quantum state directly, without encryption, you will not leave room for a privacy amplification step. In that case, even though you are transmitting a quantum signal, Eve may still be able to measure part of it and obtain part of your message! The point of QKD is that even if Eve gets part of the key material Alice sends to Bob, it can always be distilled to a totally secure key about which Eve knows nothing after privacy amplification. Look up mutual information for more on that. It is impossible to do such a thing over a classical channel.

3. Here you are setting up an alternative idea and assuming that it must be better than QKD. Sure, using a ton of keys on a disk is good for a known secure link. We use SecurID to authenticate using a very similar idea (except the "keys" are hashes used for a "one time password"). Your qualifier "it is much more easily done" is the part of this argument that is incorrect. In fact it is impractical to store enough key material for all users on very large networks, with each user having his own large repository of key material. Also, in your scenario, the keys themselves are still much less secure than in QKD. In your case, if Eve obtains the disk with keys, it's game over. In QKD, this danger is irrelevant because keys are generated and distributed on demand. Also, QKD can be reconfigurable, with multiple Alices talking to multiple Bobs; your solution is much more static.

Quantum cryptography will solve a problem we WILL soon have: the obsolescence of our current cryptological algorithms that quantum computers will bring.
In the future, quantum computers will be able to crack ALL crypto algorithms in zero seconds flat (except one-time pad), at which point we better have quantum cryptography up and running, otherwise the financial system will be in big trouble, not able to encrypt financial transactions online.
Otherwise we will see heavily armed couriers transporting data storage devices full of ones and zeros for one-time pad crypto across the world :)